摘要 |
Techniques for managing risks of a business enterprise include identifying a threat to a business enterprise; identifying, based on the threat, a plurality of business enterprise assets and associated impacts; determining a plurality of threat scenarios, each threat scenario including a qualitative probability and a qualitative impact; assigning a quantitative probability and a quantitative impact to each of the plurality of scenarios based on an evaluation of the qualitative probability and the qualitative impact in a risk matrix; determining, with a simulation model, a quantitative risk of the identified threat based on the assigned quantitative probability and quantitative impact; and preparing an output including the determined quantitative risk of the identified threat for display. |